What Is Claimed Is: 

1. A method for sharing a secure communication session with a client
between a plurality of servers, comprising:

receiving a message from the client at a first server in the plurality of
servers, the message including a session identifier that identifies a secure
communication session with the client; and

if the session identifier does not correspond to an active secure
communication session on the first server, establishing an active secure
communication session with the client on the first server by,

attempting to retrieve state information associated with the
session identifier for an active secure communication session
between the client and a second server from the plurality of
servers,

if the state information for the active secure communication
session is retrieved, using the state information to establish the
active secure communication session with the client without
having to communicate with the client, and

if the state information for the active secure communication
session is not retrieved, communicating with the client to establish
the active secure communication session with the client.

2. The method of claim 1, wherein attempting to retrieve the state
information includes:

attempting to use the session identifier to identify the second server in the
plurality of servers that has an active secure communication session with the
client that corresponds to the session identifier; and

attempting to retrieve the state information from the second server.

3. The method of claim 1, wherein attempting to retrieve the state
information involves attempting to retrieve the state information from a
centralized repository that is in communication with the plurality of servers.

4. The method of claim 3, wherein the centralized repository includes
a database for storing the state information.

5. The method of claim 1, wherein establishing the active secure
communication session involves establishing a secure sockets layer (SSL)
connection with the client.

6. The method of claim 1, wherein the state information includes:

a session encryption key for the secure communication session;

the session identifier for the secure communication session; and

a running message digest for the secure communication session.

7. The method of claim 6, further comprising:

using the message to update the running message digest; and

checkpointing the updated running message digest to a location outside of
the first server.

8. The method of claim 1, further comprising, if the state information
for the active secure communication session is retrieved, purging the state
information from a location from which the state information was retrieved, so
that the state information cannot be subsequently retrieved by another server in the
plurality of servers.






9. The method of claim 1, further comprising initially establishing an
active secure communication session between the client and the second server, the
active secure communication session being identified by the session identifier.



10. The method of claim 1, wherein attempting to retrieve the state
information includes authenticating and authorizing the first server.
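
The hand-off recited in claims 1, 3, 6 to 8 and 10, as an added Python simulation that is not part of the application. The HMAC tag between server and repository, the authenticated checkpoint, and all class and function names are assumptions; the client handshake is replaced by generating a random key.

```python
import hashlib, hmac, os
from dataclasses import dataclass, replace

@dataclass
class SessionState:                       # claim 6: the three state items
    session_id: bytes
    session_key: bytes
    running_digest: bytes

def server_tag(key, session_id):          # assumed stand-in for server-to-repository auth
    return hmac.new(key, session_id, hashlib.sha256).digest()

class Repository:                         # claim 3: centralized repository
    def __init__(self, server_keys):
        self._keys, self._states = server_keys, {}

    def _allowed(self, server, session_id, tag):   # claim 10: authenticate and authorize
        key = self._keys.get(server)
        return key is not None and hmac.compare_digest(server_tag(key, session_id), tag)

    def checkpoint(self, server, state, tag):      # claim 7: copy kept outside the server
        if self._allowed(server, state.session_id, tag):
            self._states[state.session_id] = replace(state)

    def retrieve(self, server, session_id, tag):
        if not self._allowed(server, session_id, tag):
            return None
        return self._states.pop(session_id, None)  # claim 8: purge on hand-off

class Server:
    def __init__(self, name, key, repo):
        self.name, self._key, self._repo, self.active = name, key, repo, {}

    def handle(self, session_id, message):
        """Process one client message; return 'active', 'resumed' or 'handshake'."""
        tag, how = server_tag(self._key, session_id), "active"
        if session_id not in self.active:
            state = self._repo.retrieve(self.name, session_id, tag)
            how = "resumed" if state else "handshake"
            if state is None:             # placeholder for a full handshake with the client
                state = SessionState(session_id, os.urandom(32), b"\x00" * 32)
            self.active[session_id] = state
        state = self.active[session_id]
        state.running_digest = hashlib.sha256(state.running_digest + message).digest()
        self._repo.checkpoint(self.name, state, tag)
        return how
```

The static tag is replayable and only marks where server authentication belongs; the repository holds session keys, so its access control decides who can take over a session.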






11. A method for sharing a secure communication session between a
plurality of servers, comprising:

sending a message from a client to a first server in the plurality of servers,
the first server having no active secure communication session with the client, the
message including a session identifier;

receiving a response to the message from the first server; and

if the response indicates that no active secure communication session has
been created with the client on the first server, communicating with the first server
to establish an active secure communication session.



12. The method of claim 11, wherein the client sends the message to
the first server only if an active secure communication session is held by a second
server in the plurality of servers, wherein the second server has an address that is
related to the address of the first server.

13. A computer-readable storage medium storing instructions that
when executed by a computer cause the computer to perform a method for sharing
a secure communication session with a client between a plurality of servers, the
method comprising:

receiving a message from the client at a first server in the plurality of
servers, the message including a session identifier that identifies a secure
communication session with the client; and

if the session identifier does not correspond to an active secure
communication session on the first server, establishing an active secure
communication session with the client on the first server by,

attempting to retrieve state information associated with the
session identifier for an active secure communication session
between the client and a second server from the plurality of
servers,

if the state information for the active secure communication
session is retrieved, using the state information to establish the
active secure communication session with the client without
having to communicate with the client, and

if the state information for the active secure communication
session is not retrieved, communicating with the client to establish
the active secure communication session with the client.



14. The computer-readable storage medium of claim 13, wherein
attempting to retrieve the state information includes:

attempting to use the session identifier to identify the second server in the
plurality of servers that has an active secure communication session with the
client that corresponds to the session identifier; and

attempting to retrieve the state information from the second server.

15. The computer-readable storage medium of claim 13, wherein
attempting to retrieve the state information involves attempting to retrieve the
state information from a centralized repository that is in communication with the
plurality of servers.

16. The computer-readable storage medium of claim 15, wherein the
centralized repository includes a database for storing the state information.

17. The computer-readable storage medium of claim 13, wherein
establishing the active secure communication session involves establishing a
secure sockets layer (SSL) connection with the client.

18. The computer-readable storage medium of claim 13, wherein the
state information includes:

a session encryption key for the secure communication session;

the session identifier for the secure communication session; and

a running message digest for the secure communication session.

19. The computer-readable storage medium of claim 18, wherein the
method further comprises:

using the message to update the running message digest; and

checkpointing the updated running message digest to a location outside of
the first server.

20. The computer-readable storage medium of claim 13, wherein the
method further comprises, if the state information for the active secure
communication session is retrieved, purging the state information from a location
from which the state information was retrieved, so that the state information
cannot be subsequently retrieved by another server in the plurality of servers.

21. The computer-readable storage medium of claim 13, wherein the
method further comprises initially establishing an active secure communication
session between the client and the second server, the active secure communication
session being identified by the session identifier.

22. The computer-readable storage medium of claim 13, wherein
attempting to retrieve the state information includes authenticating and
authorizing the first server.

23. A computer-readable storage medium storing instructions that
when executed by a computer cause the computer to perform a method for sharing
a secure communication session between a plurality of servers, comprising:

sending a message from a client to a first server in the plurality of servers,
the first server having no active secure communication session with the client, the
message including a session identifier;

receiving a response to the message from the first server; and

if the response indicates that no active secure communication session has
been created with the client on the first server, communicating with the first server
to establish an active secure communication session.

24. The computer-readable storage medium of claim 23, wherein the
client sends the message to the first server only if an active secure communication
session is held by a second server in the plurality of servers, wherein the second
server has an address that is related to the address of the first server.


Attorney Docket No. OR99-17401 Inventor(s): Vipin Samar 




25. An apparatus that shares a secure communication session with a
client between a plurality of servers, comprising:

a receiving mechanism, at a first server in the plurality of servers, that
receives a message from the client, the message including a session identifier that
identifies a secure communication session with the client;

an examination mechanism that examines the session identifier; and

a session initialization mechanism, on the first server, wherein if the
session identifier does not correspond to an active secure communication session
on the first server, the session initialization mechanism is configured to establish
an active secure communication session with the client by,

attempting to retrieve state information associated with the
session identifier for an active secure communication session
between the client and a second server from the plurality of
servers,

if the state information for the active secure communication
session is retrieved, using the state information to establish the
active secure communication session with the client without
having to communicate with the client, and

if the state information for the active secure communication
session is not retrieved, communicating with the client to establish
the active secure communication session with the client.

26. The apparatus of claim 25, wherein the session initialization
mechanism is configured to attempt to retrieve the state information by:

attempting to use the session identifier to identify the second server in the
plurality of servers that has an active secure communication session with the
client that corresponds to the session identifier; and

attempting to retrieve the state information from the second server.

27. The apparatus of claim 25, wherein the session initialization
mechanism is configured to attempt to retrieve the state information by attempting
to retrieve the state information from a centralized repository that is in
communication with the plurality of servers.

28. The apparatus of claim 27, wherein the centralized repository
includes a database for storing the state information.

29. The apparatus of claim 25, wherein the active secure
communication session includes a secure sockets layer (SSL) connection with the
client.

30. The apparatus of claim 25, wherein the state information includes:

a session encryption key for the secure communication session;

the session identifier for the secure communication session; and

a running message digest for the secure communication session.

31. The apparatus of claim 30, further comprising an updating
mechanism that is configured to:

use the message to update the running message digest; and to

checkpoint the updated running message digest to a location outside of the
first server.

32. The apparatus of claim 25, further comprising a purging
mechanism that is configured to purge the state information from a location from
which the state information was retrieved, so that the state information cannot be
subsequently retrieved by another server in the plurality of servers.

33. The apparatus of claim 25, wherein the session initialization
mechanism is configured to authenticate and authorize the first server prior to
receiving the state information.

34. An apparatus that facilitates sharing a secure communication
session between a plurality of servers, comprising:

a sending mechanism that sends a message from a client to a first server in
the plurality of servers, the first server having no active secure communication
session with the client, the message including a session identifier;

a receiving mechanism that receives a response to the message from the
first server; and

a session initialization mechanism that communicates with the first server
to establish an active secure communication session with the first server if the
response indicates that no active secure communication session has been created
with the client on the first server.

35. The apparatus of claim 34, wherein the sending mechanism sends
the message to the first server only if an active secure communication session is
held by a second server in the plurality of servers, wherein the second server has
an address that is related to the address of the first server.